14 matches found
EUVD-2025-18459
Malicious code in bioql PyPI...
EUVD-2025-18460
Malicious code in bioql PyPI...
CVE-2025-32798
The conda-build contains commands and tools to build conda packages. The conda-build recipe processing logic was found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process embedded selectors in meta.yam...
CVE-2025-32799
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...
CVE-2025-32800
CVE-2025-32800 affects the Conda-build tool. Before version 25.3.0, its pyproject.toml lists the dependency conda-index , which is not published in PyPI. An attacker could claim the namespace and upload arbitrary/malicious code, enabling exploitation during a pip install when resolving dependenci...
CVE-2025-32800 Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...
CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...
CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...
CVE-2025-32798
Conda-build (prior to 25.4.0) is vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors, currently using eval to process embedded selectors in meta.yaml files. This un sanitised input allows execution of malicious code during the build process, compromising the build ...
CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...
PT-2025-25585 · Unknown · Conda-Build
Name of the Vulnerable Software and Affected Versions: conda-build versions prior to 25.4.0 Description: The conda-build recipe processing logic is vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. This is because conda-build uses the eval function to process...
PT-2025-25580
Name of the Vulnerable Software and Affected Versions conda-build versions prior to 25.3.1 Description The issue in conda-build allows attackers with filesystem access to exploit a race condition and overwrite a temporary build script, potentially leading to arbitrary code execution under the...
PT-2025-25588 · Python +1 · Pip +2
Name of the Vulnerable Software and Affected Versions: Conda-build versions prior to 25.3.0 Description: The issue concerns a dependency injection vulnerability. Conda-build lists conda-index as a Python dependency in its pyproject.toml file. Since conda-index is not published in PyPI, an attacke...
PT-2025-25587 · Unknown · Conda-Build
Name of the Vulnerable Software and Affected Versions: Conda-build versions prior to 25.4.0 Description: The issue is related to path traversal attacks due to improper sanitization of tar entry paths in the conda-build processing logic. This could allow attackers to craft tar archives that write...